| -rw-r--r-- | hosts/surtr/http.nix | 2 | ||||
| -rw-r--r-- | hosts/surtr/matrix/default.nix | 9 |
2 files changed, 9 insertions, 2 deletions
diff --git a/hosts/surtr/http.nix b/hosts/surtr/http.nix index a17f846e..af27f178 100644 --- a/hosts/surtr/http.nix +++ b/hosts/surtr/http.nix | |||
| @@ -27,7 +27,7 @@ | |||
| 27 | access_log syslog:server=unix:/dev/log main; | 27 | access_log syslog:server=unix:/dev/log main; |
| 28 | error_log syslog:server=unix:/dev/log info; | 28 | error_log syslog:server=unix:/dev/log info; |
| 29 | 29 | ||
| 30 | client_body_temp_path /run/nginx-client-bodies; | 30 | client_body_temp_path /run/nginx-client-bodies; |
| 31 | ''; | 31 | ''; |
| 32 | additionalModules = with pkgs.nginxModules; [ dav pam ]; | 32 | additionalModules = with pkgs.nginxModules; [ dav pam ]; |
| 33 | virtualHosts = { | 33 | virtualHosts = { |
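--- a/hosts/surtr/matrix/default.nix
+++ b/hosts/surtr/matrix/default.nix
@@ -57,6 +57,8 @@ with lib;
 "url_preview_ip_range_whitelist" = [
 "2a03:4000:52:ada::/128"
 ];
+
+"max_upload_size" = "500M";
 }))
 ];
 };
@@ -112,7 +114,7 @@ with lib;
 add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type, Authorization';
 add_header Access-Control-Max-Age 7200;
 '';
-in listToAttrs (map (n: nameValuePair n { proxyPass = "http://matrix-synapse"; }) ["/_matrix" "/_synapse/client" "/_synapse/admin"]) // {
+in listToAttrs (map (n: nameValuePair n { proxyPass = "http://matrix-synapse"; extraConfig = "client_max_body_size 500M;"; }) ["/_matrix" "/_synapse/client" "/_synapse/admin"]) // {
 "= /.well-known/matrix/server" = {
 extraConfig = ''
 default_type application/json;
@@ -143,6 +145,11 @@ with lib;
 sslTrustedCertificate = "/run/credentials/nginx.service/element.synapse.li.chain.pem";
 extraConfig = ''
 add_header Strict-Transport-Security "max-age=63072000" always;
+
+add_header X-Frame-Options SAMEORIGIN;
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+add_header Content-Security-Policy "frame-ancestors 'none'";
 '';
 
 root = pkgs.element-web.override {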
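Review bot: The `client_max_body_size 500M;` added through `extraConfig` in the second hunk applies to every location generated from `["/_matrix" "/_synapse/client" "/_synapse/admin"]`, so nginx will accept 500M request bodies on the admin and general client/federation APIs too, not only on media uploads. With nginx's default request buffering those bodies are spooled under `client_body_temp_path /run/nginx-client-bodies` (set in http.nix), which is presumably a tmpfs, so a few large requests could consume a lot of memory before Synapse's own `max_upload_size` check is reached. Consider leaving the three prefixes at the default limit and raising it only on a dedicated media location, for example `"/_matrix/media" = { proxyPass = "http://matrix-synapse"; extraConfig = "client_max_body_size 500M;"; };`. The `locations` attribute set starts and ends outside the hunk, so whether a narrower location already exists cannot be seen from here.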
